Commit f29d6acb authored by Natanael Copa's avatar Natanael Copa
Browse files

main/linux-grsec: upgprade to 3.9.3 and update flush arp cache patch

fixes #1926
(cherry picked from commit e5c176c6)
parent 473d40bb
From 8a0e3ea4924059a7268446177d6869e3399adbb2 Mon Sep 17 00:00:00 2001
From: Timo Teras <timo.teras@iki.fi>
Date: Mon, 12 Apr 2010 13:46:45 +0000
Subject: [PATCH 04/18] arp: flush arp cache on device change
If IFF_NOARP is changed, we must flush the arp cache.
Signed-off-by: Timo Teras <timo.teras@iki.fi>
---
net/ipv4/arp.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 4e80f33..580bfc3 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1200,6 +1200,9 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, vo
neigh_changeaddr(&arp_tbl, dev);
rt_cache_flush(dev_net(dev), 0);
break;
+ case NETDEV_CHANGE:
+ neigh_changeaddr(&arp_tbl, dev);
+ break;
default:
break;
}
--
1.7.0.2
......@@ -2,12 +2,12 @@
_flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.9.2
pkgver=3.9.3
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=2
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
......@@ -17,9 +17,9 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
grsecurity-2.9.1-3.9.2-201305162327.patch
grsecurity-2.9.1-3.9.3-201305201732.patch
0004-arp-flush-arp-cache-on-device-change.patch
v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
leds-leds-gpio-reserve-gpio-before-using-it.patch
kernelconfig.x86
......@@ -145,23 +145,23 @@ dev() {
}
md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
adeb2556568f79e827e7a0ce4c483605 patch-3.9.2.xz
089d16b7c5306ed0d42e344ce1b59615 grsecurity-2.9.1-3.9.2-201305162327.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
71b31e29e0cb437a27017c781293b6f4 patch-3.9.3.xz
e881cf0db639205660f237ceea58f708 grsecurity-2.9.1-3.9.3-201305201732.patch
699e92148cc9a55b6fc4d7d81e476717 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
83db7136608d8101ae130728539dc376 leds-leds-gpio-reserve-gpio-before-using-it.patch
ae4d8b3e917cdea5330ec52048080de3 kernelconfig.x86
839de81fedd3a6294d42da70a3fb99e0 kernelconfig.x86_64"
fd6fd35309c0e8c1f05cb725df958f22 kernelconfig.x86
fd61ff58d25155997c0d6f73e7ca7a7d kernelconfig.x86_64"
sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
069126b2b70acbc27fada2bf67235238fd90ff103267b1bb392244a301321996 patch-3.9.2.xz
3de1633f26c46a4c93af8497d889a5acc37db54adaa4f3677cb5c5c027787254 grsecurity-2.9.1-3.9.2-201305162327.patch
e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde 0004-arp-flush-arp-cache-on-device-change.patch
248ab5f9a42b72e5c3d961520a5fff609a625bbf570ad45d7ae97009525b94d7 patch-3.9.3.xz
c1b4310085ff07200131dc841a0a22f84a7f166c3b25464e27dd2694584bc72c grsecurity-2.9.1-3.9.3-201305201732.patch
8e2f41605937eecd47cefe62daefd372dbf1e63cf956ab3ced3213ac2b508ee3 v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
13676bc5610a8d03e788ac76734babd1338b023bb39559452ee54652b046e6f4 leds-leds-gpio-reserve-gpio-before-using-it.patch
513a5f387e7453169a7f41c1ba42da3229e47edd58b5ac18da31f04905c5c0bf kernelconfig.x86
e842cf49decc9a8f5c0f2e4b431382f521fe41db22f2c2e6a1c077b2b158b3ab kernelconfig.x86_64"
b44c6671b344ddae1da94e6c051a0e708af8609c1f2ff40d962301ed5023c83a kernelconfig.x86
7a6700a6db89f8c2c7f8cce7d77f4ddb3fcad889d72c709c2833af795ef1bc79 kernelconfig.x86_64"
sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
439e32edab86f8b1bd49bc4c9325e11520d78b8182ae88aebf46a4be319c4633d6d896e2ecd3fe0363d9247f5af88a989aafca9103b8e1544262bd191440dae9 patch-3.9.2.xz
652847ba23a7761d6fe90a04deb68f28cdde65d71bd9a53355075ba8410279250d36169359fa759208fcf45b5bfc1cc9505f072e93dd47eae5c464652760aa97 grsecurity-2.9.1-3.9.2-201305162327.patch
b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e 0004-arp-flush-arp-cache-on-device-change.patch
ae2bca3f0d274281d7ae88bb835d129a036350dfd3e9e941d7a0175194b2cbccffb5f8b5a20e5a7498cb5a097c6376d8cb1032ea048051b08ec0dd05309c09eb patch-3.9.3.xz
d6aa751d1fac8c4d758f9479bc6b08f70d8725c6c74b63446def044f42260a8beb1f540ae4473ec57f42538513d3ccb42de41c8cc721b9b85d8cfbaef7ab85d5 grsecurity-2.9.1-3.9.3-201305201732.patch
772c847cd74b12ed22266042c0902d8a3cf09c897b6e1c01148dfcd2f01aed331f292e82c34bb718090dc0898e1ef364196272bff885a32378f7fbc8bfc06a9b v2-net-next-arp-flush-arp-cache-on-IFF_NOARP-change.patch
10d2cf4fb308d1bc8cb5b9df3f9a6d7b9cef453244673bcbe66bd9b64af410a498e203d4dfa51f53461362ad981736eadc46537616b2c0514f57f4d8864c830d leds-leds-gpio-reserve-gpio-before-using-it.patch
57dc79b8b08a81993e1050197886c7f91a609843ed2f919eabd6769860fb1383e87a433def8f6b544a8c6382180822b863869ef76183c4d9df421465fe13c220 kernelconfig.x86
0ce361b417821fc3795c4d8e4b3a8eeecbdc7df66261f744c55d288186f9a7d2a367f80bac2ff29c0d5c54f133cbbd74f3ec5e0147b0e7c04462627724dd3572 kernelconfig.x86_64"
2516c47145f53cfa5624a9a8839b3590fd16a980aa4c8c48af4db025960d33abe855a5c698ee701a0d3704a96a9a3f93cd6c3cc8c9b8fdf73f230c15ad2f7611 kernelconfig.x86
0a3739e5e1fe29fcce8c686d8ac223316467a2efaaa18cb3d1abf6c7a66dc86be12c26755dff1aef6d0f5a028ce4f6dfc5664ab42b484046949f401f3b9198f9 kernelconfig.x86_64"
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 3.9.2 Kernel Configuration
# Linux/x86 3.9.3 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
......@@ -83,7 +83,6 @@ CONFIG_IRQ_DOMAIN=y
CONFIG_IRQ_FORCED_THREADING=y
CONFIG_SPARSE_IRQ=y
CONFIG_CLOCKSOURCE_WATCHDOG=y
CONFIG_ALWAYS_USE_PERSISTENT_CLOCK=y
CONFIG_KTIME_SCALAR=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
......@@ -4735,6 +4734,9 @@ CONFIG_INFINIBAND_ISER=m
# CONFIG_EDAC is not set
CONFIG_RTC_LIB=y
CONFIG_RTC_CLASS=y
CONFIG_RTC_HCTOSYS=y
CONFIG_RTC_SYSTOHC=y
CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
# CONFIG_RTC_DEBUG is not set
#
......
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 3.9.2 Kernel Configuration
# Linux/x86 3.9.3 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
......@@ -85,7 +85,6 @@ CONFIG_IRQ_FORCED_THREADING=y
CONFIG_SPARSE_IRQ=y
CONFIG_CLOCKSOURCE_WATCHDOG=y
CONFIG_ARCH_CLOCKSOURCE_DATA=y
CONFIG_ALWAYS_USE_PERSISTENT_CLOCK=y
CONFIG_GENERIC_TIME_VSYSCALL=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
......@@ -4650,6 +4649,9 @@ CONFIG_INFINIBAND_ISER=m
# CONFIG_EDAC is not set
CONFIG_RTC_LIB=y
CONFIG_RTC_CLASS=y
CONFIG_RTC_HCTOSYS=y
CONFIG_RTC_SYSTOHC=y
CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
# CONFIG_RTC_DEBUG is not set
#
......
From patchwork Tue May 21 10:23:44 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [v2,net-next] arp: flush arp cache on IFF_NOARP change
Date: Tue, 21 May 2013 00:23:44 -0000
From: =?utf-8?q?Timo_Ter=C3=A4s?= <timo.teras@iki.fi>
X-Patchwork-Id: 245256
Message-Id: <1369131824-6318-1-git-send-email-timo.teras@iki.fi>
To: David Miller <davem@davemloft.net>, netdev@vger.kernel.org, kaber@trash.net
Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
IFF_NOARP affects what kind of neighbor entries are created
(nud NOARP or nud INCOMPLETE). If the flag changes, flush the arp
cache to refresh all entries.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
> This patch makes no sense at all.
>
> The state bit in ->priv_flags is a boolean stating whether the
> notified should do something or not.
>
> But you're setting it to match what IFF_NOARP is.
>
> You should set it any time IFF_NOARP _changes_, and then clear
> the bit when the notifier clears the neighbour entries.
IFF_NOARP_CHANGED is set according to "changes = dev->flags ^ old_flags;"
which reflect the change. But I agree that the clearing out bit was
misplaced. This is especially true as it seems NETDEV_CHANGE can be
notified from another place too.
I've updated the if.h comment to state that the bit is valid only during
NETDEV_CHANGE notifier. And __dev_notify_flags is updated to always clear
the bit after notifiers are done.
include/uapi/linux/if.h | 2 ++
net/core/dev.c | 6 +++++-
net/ipv4/arp.c | 4 ++++
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/if.h b/include/uapi/linux/if.h
index 1ec407b..1be8b35 100644
--- a/include/uapi/linux/if.h
+++ b/include/uapi/linux/if.h
@@ -83,6 +83,8 @@
#define IFF_SUPP_NOFCS 0x80000 /* device supports sending custom FCS */
#define IFF_LIVE_ADDR_CHANGE 0x100000 /* device supports hardware address
* change when it's running */
+#define IFF_NOARP_CHANGED 0x200000 /* Set during NETDEV_CHANGE notifier
+ * if IFF_NOARP has changed */
#define IF_GET_IFACE 0x0001 /* for querying only */
diff --git a/net/core/dev.c b/net/core/dev.c
index 18e9730..ce30761 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4699,8 +4699,12 @@ void __dev_notify_flags(struct net_device *dev, unsigned int old_flags)
}
if (dev->flags & IFF_UP &&
- (changes & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI | IFF_VOLATILE)))
+ (changes & ~(IFF_UP | IFF_PROMISC | IFF_ALLMULTI | IFF_VOLATILE))) {
+ if (changes & IFF_NOARP)
+ dev->priv_flags |= IFF_NOARP_CHANGED;
call_netdevice_notifiers(NETDEV_CHANGE, dev);
+ dev->priv_flags &= ~IFF_NOARP_CHANGED;
+ }
}
/**
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 247ec19..375b2f2 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -1241,6 +1241,10 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event,
neigh_changeaddr(&arp_tbl, dev);
rt_cache_flush(dev_net(dev));
break;
+ case NETDEV_CHANGE:
+ if (dev->priv_flags & IFF_NOARP_CHANGED)
+ neigh_changeaddr(&arp_tbl, dev);
+ break;
default:
break;
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment